From 0c7441a81e2259565c2b6ce0db2f075040209386 Mon Sep 17 00:00:00 2001 From: "Tony Arcieri (iqlusion)" Date: Tue, 14 Mar 2023 10:53:00 -0700 Subject: [PATCH] Bump asymmetric crypto dependencies; MSRV 1.65 (#490) Bumps the following dependencies to the latest versions: - `elliptic-curve` v0.13 - `k256` v0.13 - `p256` v0.13 - `p384` v0.13 - `pbkdf2` v0.12 - `rsa` v0.9.0-pre.0 - `signature` v2 --- .github/workflows/ci.yml | 6 +-- Cargo.lock | 94 ++++++++++++++++++++++------------------ Cargo.toml | 17 ++++---- README.md | 2 +- cli/Cargo.toml | 2 +- src/mgm.rs | 4 +- tests/integration.rs | 4 +- 7 files changed, 69 insertions(+), 60 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 97006c4..1e7451a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,13 +36,13 @@ jobs: toolchain: stable deps: true - platform: ubuntu-latest - toolchain: 1.60.0 # MSRV + toolchain: 1.65.0 # MSRV deps: sudo apt-get install libpcsclite-dev - platform: windows-latest - toolchain: 1.60.0 # MSRV + toolchain: 1.65.0 # MSRV deps: true - platform: macos-latest - toolchain: 1.60.0 # MSRV + toolchain: 1.65.0 # MSRV deps: true runs-on: ${{ matrix.platform }} steps: diff --git a/Cargo.lock b/Cargo.lock index 947a2db..8427210 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -67,9 +67,9 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "base16ct" -version = "0.1.1" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" [[package]] name = "base64" @@ -196,9 +196,9 @@ dependencies = [ [[package]] name = "const-oid" -version = "0.9.1" +version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cec318a675afcb6a1ea1d4340e2d377e56e47c266f28043ceccbf4412ddfdd3b" +checksum = "520fbf3c07483f94e3e3ca9d0cfd913d7718ef2483d2cfd91c0d9e91474ab913" [[package]] name = "cookie-factory" @@ -223,9 +223,9 @@ dependencies = [ [[package]] name = "crypto-bigint" -version = "0.4.9" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef" +checksum = "7c2538c4e68e52548bacb3e83ac549f903d44f011ac9d5abb5e132e67d0808f7" dependencies = [ "generic-array", "rand_core", @@ -295,9 +295,9 @@ checksum = "23d8666cb01533c39dde32bcbab8e227b4ed6679b2c925eba05feabea39508fb" [[package]] name = "der" -version = "0.6.1" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de" +checksum = "bc906908ea6458456e5eaa160a9c08543ec3d1e6f71e2235cedd660cb65f9df0" dependencies = [ "const-oid", "pem-rfc7468", @@ -352,9 +352,9 @@ dependencies = [ [[package]] name = "ecdsa" -version = "0.14.8" +version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "413301934810f597c1d19ca71c8710e99a3f1ba28a0d2ebc01551a2daeea3c5c" +checksum = "d1b0a1222f8072619e8a6b667a854020a03d363738303203c09468b3424a420a" dependencies = [ "der", "elliptic-curve", @@ -364,13 +364,12 @@ dependencies = [ [[package]] name = "elliptic-curve" -version = "0.12.3" +version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3" +checksum = "6ea5a92946e8614bb585254898bb7dd1ddad241ace60c52149e3765e34cc039d" dependencies = [ "base16ct", "crypto-bigint", - "der", "digest", "ff", "generic-array", @@ -420,9 +419,9 @@ dependencies = [ [[package]] name = "ff" -version = "0.12.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" +checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449" dependencies = [ "rand_core", "subtle", @@ -436,6 +435,7 @@ checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9" dependencies = [ "typenum", "version_check", + "zeroize", ] [[package]] @@ -451,9 +451,9 @@ dependencies = [ [[package]] name = "group" -version = "0.12.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" dependencies = [ "ff", "rand_core", @@ -719,33 +719,36 @@ checksum = "9b7820b9daea5457c9f21c69448905d723fbd21136ccf521748f23fd49e723ee" [[package]] name = "p256" -version = "0.11.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51f44edd08f51e2ade572f141051021c5af22677e42b7dd28a88155151c33594" +checksum = "7270da3e5caa82afd3deb054cc237905853813aea3859544bc082c3fe55b8d47" dependencies = [ "ecdsa", "elliptic-curve", + "primeorder", "sha2", ] [[package]] name = "p384" -version = "0.11.2" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dfc8c5bf642dde52bb9e87c0ecd8ca5a76faac2eeed98dedb7c717997e1080aa" +checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209" dependencies = [ "ecdsa", "elliptic-curve", + "primeorder", "sha2", ] [[package]] name = "pbkdf2" -version = "0.11.0" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83a0692ec44e4cf1ef28ca317f14f8f07da2d95ec3fa01f86e4467b725e60917" +checksum = "f0ca0b5a68607598bf3bad68f32227a8164f6254833f84eafaac409cd6746c31" dependencies = [ "digest", + "hmac", ] [[package]] @@ -769,18 +772,18 @@ dependencies = [ [[package]] name = "pem-rfc7468" -version = "0.6.0" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24d159833a9105500e0398934e205e0773f0b27529557134ecfc51c27646adac" +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" dependencies = [ "base64ct", ] [[package]] name = "pkcs1" -version = "0.4.1" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eff33bdbdfc54cc98a2eca766ebdec3e1b8fb7387523d5c9c9a2891da856f719" +checksum = "178ba28ece1961eafdff1991bd1744c29564cbab5d803f3ccb4a4895a6c550a7" dependencies = [ "der", "pkcs8", @@ -790,9 +793,9 @@ dependencies = [ [[package]] name = "pkcs8" -version = "0.9.0" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba" +checksum = "3d2820d87d2b008616e5c27212dd9e0e694fb4c6b522de06094106813328cb49" dependencies = [ "der", "spki", @@ -810,6 +813,15 @@ version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +[[package]] +name = "primeorder" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7613fdcc0831c10060fa69833ea8fa2caa94b6456f51e25356a885b530a2e3d0" +dependencies = [ + "elliptic-curve", +] + [[package]] name = "proc-macro-error" version = "1.0.4" @@ -901,20 +913,19 @@ checksum = "456c603be3e8d448b072f410900c09faf164fbce2d480456f50eea6e25f9c848" [[package]] name = "rfc6979" -version = "0.3.1" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" dependencies = [ - "crypto-bigint", "hmac", - "zeroize", + "subtle", ] [[package]] name = "rsa" -version = "0.7.2" +version = "0.9.0-pre.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "094052d5470cbcef561cb848a7209968c9f12dfa6d668f4bca048ac5de51099c" +checksum = "a7bc1d34159d63536b4d89944e9ab5bb952f45db6fa0b8b03c2f8c09fb5b7171" dependencies = [ "byteorder", "digest", @@ -926,7 +937,6 @@ dependencies = [ "pkcs8", "rand_core", "signature", - "smallvec", "subtle", "zeroize", ] @@ -962,9 +972,9 @@ checksum = "ddccb15bcce173023b3fedd9436f882a0739b8dfb45e4f6b6002bee5929f61b2" [[package]] name = "sec1" -version = "0.3.0" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928" +checksum = "48518a2b5775ba8ca5b46596aae011caa431e6ce7e4a67ead66d92f08884220e" dependencies = [ "base16ct", "der", @@ -1013,9 +1023,9 @@ dependencies = [ [[package]] name = "signature" -version = "1.6.4" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" +checksum = "8fe458c98333f9c8152221191a77e2a44e8325d0193484af2e9421a53019e57d" dependencies = [ "digest", "rand_core", @@ -1035,9 +1045,9 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" [[package]] name = "spki" -version = "0.6.0" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b" +checksum = "c0445c905640145c7ea8c1993555957f65e7c46d0535b91ba501bc9bfc85522f" dependencies = [ "base64ct", "der", diff --git a/Cargo.toml b/Cargo.toml index cc19724..de53848 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,7 +14,7 @@ readme = "README.md" categories = ["api-bindings", "authentication", "cryptography", "hardware-support"] keywords = ["ecdsa", "encryption", "rsa", "piv", "signature"] edition = "2021" -rust-version = "1.60" +rust-version = "1.65" [workspace] members = [".", "cli"] @@ -24,20 +24,20 @@ chrono = "0.4.23" cookie-factory = "0.3" der-parser = "8" des = "0.8" -elliptic-curve = "0.12" -hex = { package = "base16ct", version = "0.1", features = ["alloc"] } +elliptic-curve = "0.13" +hex = { package = "base16ct", version = "0.2", features = ["alloc"] } hmac = "0.12" log = "0.4" nom = "7" num-bigint-dig = { version = "0.8", features = ["rand"] } num-traits = "0.2" num-integer = "0.1" -pbkdf2 = { version = "0.11", default-features = false } -p256 = "0.11" -p384 = "0.11" +p256 = "0.13" +p384 = "0.13" +pbkdf2 = { version = "0.12", default-features = false, features = ["hmac"] } pcsc = "2.3.1" rand_core = { version = "0.6", features = ["std"] } -rsa = "0.7" +rsa = "=0.9.0-pre.0" secrecy = "0.8" sha1 = { version = "0.10", features = ["oid"] } sha2 = { version = "0.10", features = ["oid"] } @@ -50,8 +50,7 @@ zeroize = "1" [dev-dependencies] env_logger = "0.10" once_cell = "1" -rsa = { version = "0.7.1", features = ["hazmat"] } -signature = { version = "1.6.4", features = ["hazmat-preview"] } +signature = "2" [features] untested = [] diff --git a/README.md b/README.md index 275bc4b..37e1d2f 100644 --- a/README.md +++ b/README.md @@ -214,7 +214,7 @@ or conditions. [docs-link]: https://docs.rs/yubikey/ [license-image]: https://img.shields.io/badge/license-BSD-blue.svg [license-link]: https://github.com/iqlusioninc/yubikey.rs/blob/main/COPYING -[msrv-image]: https://img.shields.io/badge/rustc-1.60+-blue.svg +[msrv-image]: https://img.shields.io/badge/rustc-1.65+-blue.svg [safety-image]: https://img.shields.io/badge/unsafe-forbidden-success.svg [safety-link]: https://github.com/rust-secure-code/safety-dance/ [build-image]: https://github.com/iqlusioninc/yubikey.rs/workflows/CI/badge.svg?branch=main&event=push diff --git a/cli/Cargo.toml b/cli/Cargo.toml index bb35dfb..dc8da44 100644 --- a/cli/Cargo.toml +++ b/cli/Cargo.toml @@ -17,7 +17,7 @@ rust-version = "1.56" [dependencies] clap = { version = "4", features = ["derive"] } env_logger = "0.10" -hex = { package = "base16ct", version = "0.1", features = ["alloc"] } +hex = { package = "base16ct", version = "0.2", features = ["alloc"] } log = "0.4" once_cell = "1" sha2 = "0.10" diff --git a/src/mgm.rs b/src/mgm.rs index 78e829a..a6ff1df 100644 --- a/src/mgm.rs +++ b/src/mgm.rs @@ -46,7 +46,7 @@ use des::{ TdesEde3, }; #[cfg(feature = "untested")] -use {hmac::Hmac, pbkdf2::pbkdf2, sha1::Sha1}; +use {pbkdf2::pbkdf2_hmac, sha1::Sha1}; /// YubiKey MGMT Applet Name #[cfg(feature = "untested")] @@ -147,7 +147,7 @@ impl MgmKey { } let mut mgm = [0u8; DES_LEN_3DES]; - pbkdf2::>(pin, salt, ITER_MGM_PBKDF2, &mut mgm); + pbkdf2_hmac::(pin, salt, ITER_MGM_PBKDF2, &mut mgm); MgmKey::from_bytes(mgm) } diff --git a/tests/integration.rs b/tests/integration.rs index 747f1b7..45d8065 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -8,7 +8,7 @@ use once_cell::sync::Lazy; use rand_core::{OsRng, RngCore}; use rsa::pkcs1v15; use sha2::{Digest, Sha256}; -use signature::{hazmat::PrehashVerifier, Signature as _}; +use signature::hazmat::PrehashVerifier; use std::{env, str::FromStr, sync::Mutex}; use x509::RelativeDistinguishedName; use yubikey::{ @@ -203,7 +203,7 @@ fn generate_self_signed_rsa_cert() { let data = cert.as_ref(); let tbs_cert_len = u16::from_be_bytes(data[6..8].try_into().unwrap()) as usize; let msg = &data[4..8 + tbs_cert_len]; - let sig = pkcs1v15::Signature::from_bytes(&data[data.len() - 128..]).unwrap(); + let sig = pkcs1v15::Signature::try_from(&data[data.len() - 128..]).unwrap(); let hash = Sha256::digest(msg); assert!(pubkey.verify_prehash(&hash, &sig).is_ok());